There are a lot of reasons to run multiple networks, but I’d have a hard time thinking of it as a “normal” architecture. Usually, it is done by an MSP or similar to manage multiple customers that have their own sovereignty concerns. You could have a situation where you have very highly classified data resources and want to provide a separate network, to minimize the administrative access, etc. It increases the operations load, costs, etc. but certainly could be justified. However, if the same people and systems are running it, I would be hard pressed to see it as a gain. More touches means more chances for mistakes, more auditing to perform, etc. If you do have a sufficient reason, endpoints can use more than one identity, so they can be members of multiple networks simultaneously, removing any need for internet network unencrypted traffic. Of course, this means there is a potential cross over point at the endpoint, so that must be taken into consideration.
Personally, if I were running all the networks myself, for myself (So I don’t have customers to worry about dedicated resources) I would focus my time on protecting the controller(s, once HA is available) with appropriate security controls. There are the normal OS logs, audit logs, and any protections you can apply at the OS or CSP level. We use a combination of CSP security groups to limit ssh access, ssh key authentication only, OS level audit logs to a SIEM, change audit logs from Ziti, CIS benchmark hardened instances, unattended security updates, and other controls to protect the security of our Network Controllers and Edge Routers.
More routers doesn’t really mean more security, but for exactly the reason you state, they are beneficial. If you are using the network for East-West traffic, you would want the data plane to stay local. That reduces internet traffic and any costs associated, as well as latency, which gives performance, while still maintaining all the control and monitoring of the OpenZiti network.
I love to have security architecture discussions around OpenZiti, so if there are finer points you are thinking about, fire away.